Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures
暫譯: 跨站腳本攻擊:分類、攻擊與對策
Gupta, B. B., Chaudhary, Pooja
相關主題
商品描述
Social network usage has increased exponentially in recent years. Platforms like Facebook, Twitter, Google+, LinkedIn and Instagram, not only facilitate sharing of personal data but also connect people professionally. However, development of these platforms with more enhanced features like HTML5, CSS, XHTML and Java Script expose these sites to various vulnerabilities that may be the root cause of various threats. Therefore, social networking sites have become an attack surface for various cyber-attacks such as XSS attack and SQL Injection. Numerous defensive techniques have been proposed, yet with technology up-gradation current scenarios demand for more efficient and robust solutions.
Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures is a comprehensive source which provides an overview of web-based vulnerabilities and explores XSS attack in detail. This book provides a detailed overview of the XSS attack; its classification, recent incidences on various web applications, and impacts of the XSS attack on the target victim. This book addresses the main contributions of various researchers in XSS domain. It provides in-depth analysis of these methods along with their comparative study. The main focus is a novel framework which is based on Clustering and Context based sanitization approach to protect against XSS attack on social network. The implementation details conclude that it is an effective technique to thwart XSS attack. The open challenges and future research direction discussed in this book will help further to the academic researchers and industry specific persons in the domain of security.
商品描述(中文翻譯)
社交網路的使用在近年來呈指數增長。像是 Facebook、Twitter、Google+、LinkedIn 和 Instagram 等平台,不僅促進了個人資料的分享,還在專業上連結了人們。然而,這些平台的開發引入了更多增強功能,如 HTML5、CSS、XHTML 和 JavaScript,使這些網站暴露於各種漏洞中,這些漏洞可能是各種威脅的根本原因。因此,社交網路網站已成為各種網路攻擊的攻擊面,例如 XSS 攻擊和 SQL 注入。雖然已提出許多防禦技術,但隨著技術的升級,當前的情況要求更有效和穩健的解決方案。
《跨站腳本攻擊:分類、攻擊與對策》是一本全面的資源,提供了基於網路的漏洞概述,並詳細探討了 XSS 攻擊。本書詳細介紹了 XSS 攻擊的概況;其分類、最近在各種網路應用程式上的事件,以及 XSS 攻擊對目標受害者的影響。本書針對 XSS 領域中各研究者的主要貢獻進行了探討,並提供了這些方法的深入分析及其比較研究。主要焦點是一個基於聚類和上下文的清理方法的新框架,以保護社交網路免受 XSS 攻擊。實施細節表明,這是一種有效的技術來阻止 XSS 攻擊。本書中討論的開放挑戰和未來研究方向將有助於學術研究者和行業專業人士在安全領域的進一步研究。
作者簡介
B. B. Gupta received PhD degree from Indian Institute of Technology Roorkee, India in the area of Information and Cyber Security. He published more than 200 research papers in International Journals and Conferences of high repute including IEEE, Elsevier, ACM, Springer, Wiley, Taylor & Francis, Inderscience, etc. He has visited several countries, i.e. Canada, Japan, USA, UK, Malaysia, Australia, Thailand, China, Hong-Kong, Italy, Spain etc to present his research work. His biography was selected and published in the 30th Edition of Marquis Who's Who in the World, 2012. Dr. Gupta also received Young Faculty research fellowship award from Ministry of Electronics and Information Technology, Government of India in 2018. He is also working as principal investigator of various R&D projects. He is serving as associate editor of IEEE Access, IEEE TII, and Executive editor of IJITCA, Inderscience, respectively. At present, Dr. Gupta is working as Assistant Professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra India. His research interest includes Information security, Cyber Security, Mobile security, Cloud Computing, Web security, Intrusion detection and Phishing.
Pooja Chaudhary is currently pursuing her PhD Degree from National Institute of Technology (NIT), Kurukshetra, Haryana, India, in Information and Cyber Security area. She has completed her Master of Technology (M.Tech) degree in area of Cyber Security from National Institute of Technology (NIT), kurukshetra, Haryana, India. She has received her B.Tech degree in Computer Science and Engineering from Bharat Institute of Technology, Meerut, India, affiliated to Uttar Pradesh Technical University. Her areas of interest include Online Social Network (OSN) security, Big data analysis and security, Database security and cyber security, and Internet of Security (IoT) Security. She has published a number of research papers with various reputed publishers, i.e. IEEE, Springer, Wiley, Inderscience and so on.
作者簡介(中文翻譯)
B. B. Gupta 於印度羅爾基印度科技學院(Indian Institute of Technology Roorkee)獲得資訊與網路安全領域的博士學位。他在包括 IEEE、Elsevier、ACM、Springer、Wiley、Taylor & Francis、Inderscience 等高聲望的國際期刊和會議上發表了超過 200 篇研究論文。他曾前往多個國家,如加拿大、日本、美國、英國、馬來西亞、澳大利亞、泰國、中國、香港、義大利、西班牙等地展示他的研究成果。他的傳記於 2012 年被選入《馬奎斯世界名人錄》第 30 版。Gupta 博士於 2018 年獲得印度電子與資訊技術部頒發的青年教師研究獎學金。他目前擔任多個研發項目的首席研究員,並擔任 IEEE Access、IEEE TII 的副編輯,以及 Inderscience 的 IJITCA 執行編輯。目前,Gupta 博士在印度庫魯克舍特拉國立技術學院(National Institute of Technology Kurukshetra)計算機工程系擔任助理教授。他的研究興趣包括資訊安全、網路安全、行動安全、雲端運算、網頁安全、入侵偵測和網路釣魚。
Pooja Chaudhary 目前正在印度哈里亞納邦庫魯克舍特拉國立技術學院(National Institute of Technology, Kurukshetra)攻讀資訊與網路安全領域的博士學位。她在印度哈里亞納邦庫魯克舍特拉國立技術學院獲得了網路安全領域的科技碩士(M.Tech)學位。她在印度梅魯特的巴拉特科技學院(Bharat Institute of Technology)獲得了計算機科學與工程的學士學位,該學院隸屬於北方邦技術大學。她的研究興趣包括在線社交網路(OSN)安全、大數據分析與安全、資料庫安全與網路安全,以及物聯網(IoT)安全。她已與多家知名出版商(如 IEEE、Springer、Wiley、Inderscience 等)發表了多篇研究論文。
